class AuthController < ApplicationController

  layout "auth"
  
  before_filter :general_authorize, :except => [:login, :xhr_auth_failure]

  def login
    session[:user_id] = nil
    if request.post?
      user = User.authenticate(params[:username], params[:password])
      if user
        session[:user_id] = user.id
        redirect_to(session[:original_uri] || { :action => 'index' })
      else
        flash[:notice] = "Invalid user/password combination"
      end
    else
      session[:original_uri]=flash[:original_uri]
    end
  end

  def logout
    session[:user_id] = nil
    flash[:notice] = "Logged out"
    redirect_to(:action => 'login')
  end

  def index
  end
end
